| View previous topic :: View next topic |
| Author |
Message |
KarlisRepsons
Apprentice
Joined: 03 Nov 2008
Posts: 229
Location: Latvia
|
 Posted: Fri Jan 16, 2009 5:39 pm Post subject: set the default permissions for new files / folders? |
 |
|
| How to make newly created directories have permissions drwxrwx--T by default? |
|
| Back to top |
|
 |
ziggysquatch
Apprentice
Joined: 16 Nov 2004
Posts: 172
Location: /USA/Minnesota
|
| Posted: Fri Jan 16, 2009 5:55 pm Post subject: |
|
|
globally it's in /etc/profile. per user it's in ~/.bash_profile.
If using bash that is.
| Code: |
change the following to your liking in /etc/profile:
umask 022
|
|
|
| Back to top |
|
|
KarlisRepsons
Apprentice
Joined: 03 Nov 2008
Posts: 229
Location: Latvia
|
| Posted: Fri Jan 16, 2009 6:00 pm Post subject: |
|
|
| That would be nice and neat, but umask seams not to support sticky bit (at least like chmod does), which is why I am asking... |
|
| Back to top |
|
|
energyman76b
Advocate
Joined: 26 Mar 2003
Posts: 2048
Location: Germany
|
| Posted: Fri Jan 16, 2009 6:02 pm Post subject: |
|
|
fstab, umask option?
_________________
Study finds stunning lack of racial, gender, and economic diversity among middle-class white males
I identify as a dirty penismensch. |
|
| Back to top |
|
|
ziggysquatch
Apprentice
Joined: 16 Nov 2004
Posts: 172
Location: /USA/Minnesota
|
| Posted: Fri Jan 16, 2009 6:37 pm Post subject: |
|
|
| my bad, I read it too fast and didn't even see the sticky bit. As far as I've read you can't do it with umask and most people just use chmod in the profile or some script at startup. bummer. |
|
| Back to top |
|
|
KarlisRepsons
Apprentice
Joined: 03 Nov 2008
Posts: 229
Location: Latvia
|
| Posted: Fri Jan 16, 2009 6:40 pm Post subject: |
|
|
What the hell?? I can't believe, I really have to chmod EVERY new object in filesystem!! What, I have to set up inotify watch and call chmod automatically? Seams like a stupid solution. |
|
| Back to top |
|
|
energyman76b
Advocate
Joined: 26 Mar 2003
Posts: 2048
Location: Germany
|
| Posted: Fri Jan 16, 2009 6:45 pm Post subject: |
|
|
fstab add umask
_________________
Study finds stunning lack of racial, gender, and economic diversity among middle-class white males
I identify as a dirty penismensch. |
|
| Back to top |
|
|
KarlisRepsons
Apprentice
Joined: 03 Nov 2008
Posts: 229
Location: Latvia
|
| Posted: Fri Jan 16, 2009 6:56 pm Post subject: |
|
|
energyman, it is intended to be set on per-user basis. You meant some filesystem mounting options? I'd like you to explain some more...
umask 1777
bash: umask: 1777: octal number out of range
by the way. |
|
| Back to top |
|
|
energyman76b
Advocate
Joined: 26 Mar 2003
Posts: 2048
Location: Germany
|
| Posted: Fri Jan 16, 2009 7:34 pm Post subject: |
|
|
'per user basis' so it should only set with some user not the other?
I am sure pam can do that for you - but I don't know how... 
_________________
Study finds stunning lack of racial, gender, and economic diversity among middle-class white males
I identify as a dirty penismensch. |
|
| Back to top |
|
|
widremann
Veteran
Joined: 14 Mar 2005
Posts: 1314
|
| Posted: Fri Jan 16, 2009 7:54 pm Post subject: |
|
|
| Just need to ask why you feel the need to set the sticky bit on every new file? |
|
| Back to top |
|
|
KarlisRepsons
Apprentice
Joined: 03 Nov 2008
Posts: 229
Location: Latvia
|
| Posted: Fri Jan 16, 2009 8:00 pm Post subject: |
|
|
Not file, directory for some folders shared between multiple users!
Add: so what is the reason behind umask apparently not supporting sticky bit? Am I really alone who needs it? |
|
| Back to top |
|
|
widremann
Veteran
Joined: 14 Mar 2005
Posts: 1314
|
| Posted: Fri Jan 16, 2009 8:02 pm Post subject: |
|
|
| KarlisRepsons wrote: | Not file, directory for some folders shared between multiple users!
Add: so what is the reason behind umask apparently not supporting sticky bit? Am I really alone who needs it? |
So it's only certain folders? Why not just set those manually?
Alternatively, you could just use ACLs (aka, the right way). |
|
| Back to top |
|
|
KarlisRepsons
Apprentice
Joined: 03 Nov 2008
Posts: 229
Location: Latvia
|
| Posted: Fri Jan 16, 2009 8:44 pm Post subject: |
|
|
> you could just use ACLs
What do you mean? |
|
| Back to top |
|
|
McLink
Apprentice
Joined: 02 Feb 2008
Posts: 183
Location: /dev/chair
|
| Posted: Fri Jan 16, 2009 9:27 pm Post subject: |
|
|
Partial and rather hacky solution solution:
| Code: | # .bashrc
function _my_mkdir ()
{
mkdir $@
chmod +t $@
}
function _my_touch ()
{
touch $@
chmod +t $@
}
alias mkdir='_my_mkdir'
alias touch='_my_touch' |
Just make sure not to call mkdir or touch with any flags.
Alternatively, roll your own version of bash with support for sticky-bits in the umask. You'll break POSIX compatibility, so it isn't recommended for production boxen, but it's possible nonetheless - and probably not even that difficult to do.
Ah, the wonders of open source.
_________________
| Mc'abit wrote: | | Islam isn't the problem, religion is. |
|
|
| Back to top |
|
|
widremann
Veteran
Joined: 14 Mar 2005
Posts: 1314
|
| Posted: Fri Jan 16, 2009 10:20 pm Post subject: |
|
|
| KarlisRepsons wrote: | > you could just use ACLs
What do you mean? |
man 5 acl
You will have to enable them for your filesystem. ext3 has them under Extended Attributes.
They allow you to set per-user access to files and directories as well as default access for new files and directories. |
|
| Back to top |
|
|
KarlisRepsons
Apprentice
Joined: 03 Nov 2008
Posts: 229
Location: Latvia
|
| Posted: Sat Jan 17, 2009 11:27 am Post subject: |
|
|
Interesting, is it possible to hide the existence of some particular files or somehow similar?
Linux default access control can be tuned to forbid directory listings, but it will show the existence of file, if its name is guessed. |
|
| Back to top |
|
|
widremann
Veteran
Joined: 14 Mar 2005
Posts: 1314
|
| Posted: Sat Jan 17, 2009 2:46 pm Post subject: |
|
|
| KarlisRepsons wrote: | Interesting, is it possible to hide the existence of some particular files or somehow similar?
Linux default access control can be tuned to forbid directory listings, but it will show the existence of file, if its name is guessed. |
Just disable access to the directory altogether. That's really the only thing that makes sense semantically. That's because the names of the files in a directory are stored in the directory itself. You can't selectively hide entries in the directory. Either you can access the whole directory file, or you can't.
Of course, if you want to write a filesystem that lets you do this, go right ahead . It would be cool, to say the least. |
|
| Back to top |
|
|
KarlisRepsons
Apprentice
Joined: 03 Nov 2008
Posts: 229
Location: Latvia
|
| Posted: Sat Jan 17, 2009 4:41 pm Post subject: |
|
|
| Thank you for explanation. Perhaps it doesn't take writing a new filesystem, but is not a clean solution then. |
|
| Back to top |
|
|
KarlisRepsons
Apprentice
Joined: 03 Nov 2008
Posts: 229
Location: Latvia
|
| Posted: Tue Jan 20, 2009 3:48 pm Post subject: |
|
|
Anyway, here this is written:
As for POSIX ACLs, although they are a substantial improvement, many restrictions remain:
* More find-grained permissions would be useful. For directories, the write permission includes the rights to add and remove files.
So is there any sticky bit analog for LINUX, which also supports being into default permissions or no? |
|
| Back to top |
|
|
widremann
Veteran
Joined: 14 Mar 2005
Posts: 1314
|
| Posted: Tue Jan 20, 2009 8:50 pm Post subject: |
|
|
| KarlisRepsons wrote: | Anyway, here this is written:
As for POSIX ACLs, although they are a substantial improvement, many restrictions remain:
* More find-grained permissions would be useful. For directories, the write permission includes the rights to add and remove files.
So is there any sticky bit analog for LINUX, which also supports being into default permissions or no? |
I think not, actually. At first I thought ACLs would solve this problem, but upon further think, it looks like you are right.
You could patch the system call table and have mkdir() set the sticky bit automatically when creating new directories in a certain place, but I think Linus would probably come at you with a butcher knife if you did that. |
|
| Back to top |
|
|
KarlisRepsons
Apprentice
Joined: 03 Nov 2008
Posts: 229
Location: Latvia
|
| Posted: Wed Jan 21, 2009 9:30 am Post subject: |
|
|
Well, here I am. I admit, it would further complicate things, if default sticky bit is used for long, but at this time I saw it useful.
Even if those settings I am looking for are a bit complicated and can result into hard-to-manage directory tree, it still seams useful for me.
Not to end this here with almost nothing, maybe someone has an idea who should be asked to consider changes to support "default sticky bit"? |
|
| Back to top |
|
|
desultory
Bodhisattva
Joined: 04 Nov 2005
Posts: 9410
|
| Posted: Fri Jan 23, 2009 7:40 am Post subject: |
|
|
| Moved from Off the Wall to Networking & Security. |
|
| Back to top |
|
|
cwr
Veteran
Joined: 17 Dec 2005
Posts: 1969
|
| Posted: Fri Jan 23, 2009 12:28 pm Post subject: |
|
|
I doubt anyone would be interested in such a change: mkdir is pretty old, and
the requirement hasn't come up before. The best bet would be to find out
which tools or libraries are accessing umask, and alter and recompile the tools
themselves. mkdir itself would be a start.
Will |
|
| Back to top |
|
|
KarlisRepsons
Apprentice
Joined: 03 Nov 2008
Posts: 229
Location: Latvia
|
| Posted: Fri Jan 23, 2009 4:13 pm Post subject: |
|
|
| OH MY GOD, the river flows backwards: my post gets out of "Off the Wall"! |
|
| Back to top |
|
|
timeBandit
Bodhisattva
Joined: 31 Dec 2004
Posts: 2719
Location: here, there or in transit
|
| Posted: Fri Jan 23, 2009 4:25 pm Post subject: |
|
|
It happens from time to time.
_________________
Plants are pithy, brooks tend to babble--I'm content to lie between them.
Super-short f.g.o checklist: Search first, strip comments, mark solved, help others. |
|
| Back to top |
|
|
|
Networking & Security
